On 12/18/2010 03:15, Kostik Belousov wrote:
On Fri, Dec 17, 2010 at 09:41:54PM -0800, Doug Barton wrote:
Howdy,
Traditionally for contributed software generally, and BIND in particular
we have tried to keep the major version of the contributed software
consistent throughout a given RELENG_$N branch of FreeBSD. Hopefully the
reasoning for this is obvious, we want to avoid POLA violations.
Actually not. My own POV is that we should follow the vendor release
cycle, and not the FreeBSD release cycle, for the contributed software.
I do not advocate immediate upgrade of the third-party software that
reached its EOL, but I think that we should do this without pushback
if maintainer consider the neccessity of upgrade.
Just to be clear, there were considerable discussions, over a long
period of time; between myself, the release engineers, and the
security-officer team regarding the subject of BIND 9.3 in RELENG_6. I
was given the green light to upgrade if I felt it was necessary (as
you're suggesting here) but the final decision to live with the status
quo was mine, and I accept responsibility for it.
My reasoning was as follows:
1. All the latest versions of BIND are available in ports, and I made
sure that they worked in RELENG_6 so that users who wanted to stay at
that OS level but had more serious DNS needs had an easy path.
2. Because BIND 9.3 lacked the ability to do modern DNSSEC anyone who
wanted that feature would have to upgrade anyway.
3. BIND 9.3 was still suitable for the (primary) stated purpose of BIND
in the base, a basic local resolving name server.
4. BIND 9.3 was different enough that users migrating from it to more
modern versions were experiencing problems.
5. Users were naturally migrating to RELENG_[78] at a pace which
minimized the impact of the issue.
If any of those things had stopped being true my decision would have
been different, but as it was I chose to "grin and bear it" in order to
avoid the POLA violation for any users who were actually using BIND 9.3
in RELENG_6. However, the circumstances for BIND 9.4 and RELENG_7 are
different, and much more amenable to the upgrade, which is why I'm
proposing it.
hth,
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
